Re: high-end firewall
Just go here and read this.
Since you have the rare opportunity to start from zero, stand on the shoulders
of the giants who made such things manageable over possible.
http://www2.linuxjournal.com/lj-issues/issue89/4815.html
"Feature: Taming the Wild Netfilter"
The article has it all; even (b)leading edge examples!
("Sliding down the bleading edge of technology!" Firesign Theatre)
You can even/especially follow the "directions" AT HOME (guaranteeeeee, you
do NOT embark on a "career breaker".
(linuxcentral.com will mail you a full/max distribution w/source!!! to set
aside; ANY/EVERY/ALL Linux distributions @ ------ $1.50 !!!!! -------
EACH!!!! ALL source files in there TOO (templates; great, fast,max-efficient
ones, for any/everything u could ever need/want to do? Like OBEY the LAW!
while learning! "Trust and verity":RR. NO! That's "verify")!!! That's what I
paid for 6/7 of them a year or so ago; YES! Darn near every one of them IS
self installing; tho if you want to keep W98 etc. on HD & dual boot, better
"call back", it's tricky to "Trivialize"/SECURE-CURRENT-HD-CONTENTS in that
case; done it; many times; each/all worked w/max/TRUE
current-data-secure-w/o-risk. WHAT IF YOU OFFERED THAT!! TO YOUR
"CLIENTS/CUSTOMERS"???? Generate; A TECH-V.P. OFFER? MOUNTING AND USING ALL
WIN/DOS STUFF ONTO/WITHIN LINUX!!! YEAH. Been there. Done that. Still doin
it, too. The very few Dos/Win progs. that aren't "wine-ing" yet can bee stuck
(sic) on some current/legacy box in the SEE(M)LESS (sic) dept-network YOU
WILL provide.)
Regards,
Jim Cunningham
"If I have seen far, it is because I have stood on the shoulders of giants."
(author: go look it up! Now THAT would be "education"!!)
P.S.
Many are successfully using old 486s w/bios CD-boot to "pass<filter" LOTS of
packets (scaling groups of these up is well documented from quite a while
ago; since they were FREE OLD SURPLUS STUFF: i smell a HERO's opportunity
here? you "CORNER THE GARNERING OF ALL BOXES THAT ANY/EVERYBODY ELSE
UPDATES/REPLACES; THROW'EM A FEW BUDGET-BUKS!! bc. when that makes them able
to afford upgrades;MAN, THEY LOVE YOU SOOOO MUCH!! NEW P IIIs ARE CHEAP,
and just THE thing ;Celerons/AMDs;you can get new FAST ones@CHEAP$). Old P
IIIs should kick buts. May be lots of RAM chips in other boxes to "brusque
out" a chosen box, too (watch bus>chip(s) speed matching issues). The CD
auto RE-boot is SWELL! (you burn your own to reboot your exact FW environ,
and distribs. of changes is trivialized in a secure manner; this is a BEST
approach to most "distribution" CONTROL issues, IMHO; especially!!!, bc. you
decide what they WROTE that you are responsible for their box
auto-reboots-what: controlling! > if they put unauthorized stuff on their
box=we don't compound THEIR error/insubordination)
P.P.S.
RE:
The above; all of it;
DO-ABLE!!! (did it)
"you might ask yourself...same as it ever was...and you might ask
yourself...same as it ever was"
(Talking Heads)
sorta?
GoSee; "smoothwall" .org(?)!! their free (YES, THE 4 LETTER "F" WORD EVERYONE
in business ownership/mgmnt. IS SO AFRAID OF) dist. IS
most-current-full/rich-SECURE-TO-THE-RECENT-MAX.! (as it's ONLY goal; excuse
for existence; we need yet another commercialized dist. of linux!; like the
world needs yet another G/L pkg. Doesn't it?) I did find one typo in a
kernel re-build/config srcfile, tho, that was trivial for me to fix; and yes
I will/have (depending on when you read this) "busted on em".
It waaay! self installs/CONFIGURES-ITSELF-TO-WHATEVER-IS-"THERE" (SOME SIMPLE
QUESTIONS RE: HOW MUCH REAL SOPHISTICATION ARE YOU READY FOR) on an old 486
WITH-w/o CD/modem/nic/whatever; EASILY (as only disk partition!); on
small/slow HDs even, w/LOW mem. even (it's trivial! to get it up! You TURN
THE BOX ON!!!! Imagine the re-boot CDs you could dist. from hereabouts).
YET, you can LEARN security from this group, via their dist.'s
"configuration" (ESPECIALLY what they chose to NOT put in it!; which they
TELL) When these guys dist./ship/install/DELIVER "netfilter": 1) that will
be that, re: packet filtering 2) you can by then be ready to del.-the-goods
for Corp./Career/Corp.-Careers-of-tame(sic)-members w/self-experience and
self success, as a leader! Waaaay COOOOL! Huh? So what in the world would I
do to top that???? Why you would (obviously!) be ready, by then, to get paid
(way lots) to deploy postgresql and help retire the concept "legacy systemS",
of course.
But what if we just have them all add a second HD, a FAST one, that "melds"
w/current controller/whatever, and just give them a CD w/instructions to
"Shutdown w/powerdown; put the "totally encrypted/hooked -to-our-team-ONLY"
CD in; powerup;go kick but for the team guy's"? It could happen!